- You spend 3hrs 15mins on your phone on average daily. Security is important.
- A SIM (subscriber identity mode) swap scam is a cyber attack that is used to steal your information and money.
- Last year, there were approximately 1.4 million reports of identity theft. Avoid being a statistic.
Cybercriminals have a number of sophisticated ways to access your personal details and drain your accounts. But one often overlooked method, known as SIM-swapping, is on the rise.
What is SIM swapping?
SIM cards, which are used in all smartphones, are where your data, as a user, including your phone number, is stored through the Global System for Mobile phones (GSM). Think of it as your home for all the personal information stored in your phone that you wouldn’t want to get into the wrong hands.
A SIM swapping attack is when someone tries to take control of your phone number by pretending to be you. They can use your number to gain access to your financial accounts through the second step of two-factor authentication (sending a text message or call verification to verify your identity).
It’s a scary, real, and, unfortunately, very effective tactic to exploit unsuspecting people with weak security for their digital tools. Becoming aware and increasing your security awareness will help stop you from becoming the next victim of cybercrime.
Social media and SIM swapping
Hackers will often use different strategies to find identifying credentials, such as your name, age, date of birth, and interests—all of which paint a picture of plausibility that they are you. Hackers gather this information through phishing or by gathering information on the internet about you whether it is through your social media channels or publicly available information on the web.
While individually these tactics may not seem particularly sophisticated, together they can build credibility and allow them to assume your identity with limited technical know-how.
Posing as you with their newly acquired information, the fraudster will then call customer service at your phone company and, using a made-up reason (my SIM card is damaged or lost), convince the representative to port or transfer the details over to a new SIM card. The result? Full control over your telephone number. This means the fraudster’s phone will receive your calls and text messages.
Next, they will use this weak point in multi-factor authentication (your phone number) to gain access to your email and financial accounts.
How do you know you’ve been SIM-swapped?
You’ll typically find out you’ve been SIM-swapped when your phone number stops working. In the worst-case scenario, hackers can disable access to your email and bank accounts, dip into your hard-earned funds and drain you of thousands of dollars, leaving your credit and financial portfolio in a mess.
Here are five steps you can take to avoid becoming the next victim of a SIM swap attack:
- Set a PIN (Personal Identification Number) code with your mobile carrier: Some mobile carriers allow you to add a PIN code in your phone's security settings for extra security. This adds another layer of protection so that changes cannot be made without that code.
- Reduce your digital presence: Review your digital presence on the internet, including your social media pages. Do you post publicly about your family's birthdays? Avoid oversharing personal details on social media as much as possible and delete details you previously shared.
- Use an authenticator app: Add an extra layer of protection with an authenticator app, that requires extra verifiable information only available on your phone. This will make it that much harder for all but the most hardened hackers to steal your personal information.
- Screen your phone calls, texts, and emails: The best way to avoid attackers accessing your personal information is not to give them the opportunity to interact with you and trick you into divulging that information. Be vigilant about noticing odd numbers, emails that look too good to be true (don’t click unrecognized attachments), or text messages from people you don’t know. You may consider enrolling in the National Do Not Call Registry (https://www.donotcall.gov)
- Use Strong and Unique Passwords: Create and use a complex and unique password for each of your accounts. Avoid repeating passwords that you use for any other accounts. When websites and online accounts are compromised, the lists of usernames, email addresses, and passwords are posted online. Passwords are revealed, and information that identifies the user, such as an email address, is exposed. That means a cybercriminal can search for other accounts linked to that user, such as work-related, social media, or banking accounts. When a fraudster discovers those accounts, they can easily try logging in with the exposed password and gain access if the password is reused. This is why having strong and unique passwords is important.
First Republic offers a range of cybersecurity services to proactively safeguard your accounts and improve your security posture.
